Added BYPASSRLS|NOBYPASSRLS option while creating a Role. #6392
parent
4ce65ea770
commit
5240e8ccf8
Binary file not shown.
Before Width: | Height: | Size: 49 KiB After Width: | Height: | Size: 79 KiB |
|
@ -11,6 +11,7 @@ notes for it.
|
|||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
release_notes_8_3
|
||||
release_notes_8_2
|
||||
release_notes_8_1
|
||||
release_notes_8_0
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
***********
|
||||
Version 8.3
|
||||
***********
|
||||
|
||||
Release date: 2024-02-08
|
||||
|
||||
This release contains a number of bug fixes and new features since the release of pgAdmin 4 v8.2.
|
||||
|
||||
Supported Database Servers
|
||||
**************************
|
||||
**PostgreSQL**: 12, 13, 14, 15, and 16
|
||||
|
||||
**EDB Advanced Server**: 12, 13, 14, 15, and 16
|
||||
|
||||
Bundled PostgreSQL Utilities
|
||||
****************************
|
||||
**psql**, **pg_dump**, **pg_dumpall**, **pg_restore**: 16.0
|
||||
|
||||
|
||||
New features
|
||||
************
|
||||
|
||||
| `Issue #6392 <https://github.com/pgadmin-org/pgadmin4/issues/6392>`_ - Added BYPASSRLS|NOBYPASSRLS option while creating a Role.
|
||||
|
||||
Housekeeping
|
||||
************
|
||||
|
||||
|
||||
Bug fixes
|
||||
*********
|
|
@ -57,15 +57,13 @@ Use the *Privileges* tab to grant privileges to the role.
|
|||
drop roles. The default value is *No*.
|
||||
* Move the *Create databases* switch to the *Yes* position to control whether a
|
||||
role can create databases. The default value is *No*.
|
||||
* The *Update catalog?* switch is disabled until the role is given superuser
|
||||
privileges. Move the *Update catalogs?* switch to the *No* position to control
|
||||
whether a role can update catalogs. The default value is *Yes* when the
|
||||
*Superuser* switch is in the *Yes* position.
|
||||
* Move the *Inherit rights from the parent roles?* switch to the *No* position
|
||||
if a role does not inherit privileges. The default value is *Yes*.
|
||||
* Move the *Can initiate streaming replication and backups?* switch to the *Yes*
|
||||
position to control whether a role can initiate streaming replication or put
|
||||
the system in and out of backup mode. The default value is *No*.
|
||||
* Move the *Bypass RLS?* switch to the *Yes* position to control whether a
|
||||
role can bypasses every row-level security (RLS) policy. The default value is *No*.
|
||||
|
||||
.. image:: images/role_membership.png
|
||||
:alt: Role dialog membership tab
|
||||
|
|
|
@ -631,7 +631,6 @@ rolmembership:{
|
|||
|
||||
self.role = row['rolname']
|
||||
self.rolCanLogin = row['rolcanlogin']
|
||||
self.rolCatUpdate = row['rolcatupdate']
|
||||
self.rolSuper = row['rolsuper']
|
||||
|
||||
return False, ''
|
||||
|
@ -677,7 +676,8 @@ rolmembership:{
|
|||
self.alterKeys = [
|
||||
'rolcanlogin', 'rolsuper', 'rolcreatedb',
|
||||
'rolcreaterole', 'rolinherit', 'rolreplication',
|
||||
'rolconnlimit', 'rolvaliduntil', 'rolpassword'
|
||||
'rolconnlimit', 'rolvaliduntil', 'rolpassword',
|
||||
'rolbypassrls'
|
||||
] if self.manager.version >= 90200 else [
|
||||
'rolcanlogin', 'rolsuper', 'rolcreatedb',
|
||||
'rolcreaterole', 'rolinherit', 'rolconnlimit',
|
||||
|
@ -977,7 +977,6 @@ rolmembership:{
|
|||
conn=self.conn,
|
||||
role=self.role,
|
||||
rolCanLogin=self.rolCanLogin,
|
||||
rolCatUpdate=self.rolCatUpdate,
|
||||
rolSuper=self.rolSuper,
|
||||
alterKeys=self.alterKeys
|
||||
)
|
||||
|
@ -1034,7 +1033,6 @@ rolmembership:{
|
|||
conn=self.conn,
|
||||
role=self.role,
|
||||
rolCanLogin=self.rolCanLogin,
|
||||
rolCatUpdate=self.rolCatUpdate,
|
||||
rolSuper=self.rolSuper,
|
||||
alterKeys=self.alterKeys
|
||||
).strip('\n')
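Review bot: In the `alterKeys` hunk, `'rolbypassrls'` is added to the list selected by `self.manager.version >= 90200`, but the BYPASSRLS role attribute only exists from PostgreSQL 9.5, so the gate is looser than the attribute it now admits. The same gap shows in the new `rolbypassrls` schema field, which has no `min_version` although the field just above it carries `min_version: 90100`, and in the SQL template, where the new `CASE WHEN rolbypassrls` line sits under the `-- PostgreSQL >= 9.1` comment. The release notes list only servers 12 and later, so this is unlikely to bite in practice, but adding `min_version: 90500` to the field and updating that comment would keep the gating accurate. The method containing the `alterKeys` assignment starts and ends outside the hunk.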
|
||||
|
|
|
@ -25,7 +25,7 @@ define('pgadmin.node.role', [
|
|||
type: 'coll-role',
|
||||
columns: [
|
||||
'rolname', 'rolvaliduntil', 'rolconnlimit', 'rolcanlogin',
|
||||
'rolsuper', 'rolcreaterole', 'rolcreatedb', 'rolcatupdate',
|
||||
'rolsuper', 'rolcreaterole', 'rolcreatedb',
|
||||
'rolinherit', 'rolreplication',
|
||||
],
|
||||
canDrop: true,
|
||||
|
|
|
@ -24,13 +24,13 @@ export default class RoleSchema extends BaseUISchema {
|
|||
rolcreaterole: false,
|
||||
rolcreatedb: false,
|
||||
rolinherit: true,
|
||||
rolcatupdate: false,
|
||||
rolreplication: false,
|
||||
rolmembership: [],
|
||||
rolmembers: [],
|
||||
rolvaliduntil: null,
|
||||
seclabels: [],
|
||||
variables: [],
|
||||
rolbypassrls: false,
|
||||
});
|
||||
this.getVariableSchema = getVariableSchema;
|
||||
this.getMembershipSchema = getMembershipSchema;
|
||||
|
@ -124,7 +124,7 @@ export default class RoleSchema extends BaseUISchema {
|
|||
type: 'switch',
|
||||
group: gettext('Privileges'),
|
||||
depChange: (state) => {
|
||||
state.rolcatupdate = state.rolcreaterole = state.rolcreatedb = state.rolsuper;
|
||||
state.rolcreaterole = state.rolcreatedb = state.rolbypassrls = state.rolsuper;
|
||||
},
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
|
@ -140,18 +140,6 @@ export default class RoleSchema extends BaseUISchema {
|
|||
type: 'switch',
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
{
|
||||
id: 'rolcatupdate', label: gettext('Update catalog?'),
|
||||
max_version: 90400,
|
||||
group: gettext('Privileges'),
|
||||
type: 'switch',
|
||||
disabled: (state) => {
|
||||
return !state.rolsuper;
|
||||
},
|
||||
readonly: () => {
|
||||
return !(obj.user.is_superuser || obj.user.can_create_role);
|
||||
}
|
||||
},
|
||||
{
|
||||
id: 'rolinherit', group: gettext('Privileges'),
|
||||
label: gettext('Inherit rights from the parent roles?'),
|
||||
|
@ -165,6 +153,12 @@ export default class RoleSchema extends BaseUISchema {
|
|||
min_version: 90100,
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
{
|
||||
id: 'rolbypassrls', group: gettext('Privileges'),
|
||||
label: gettext('Bypass RLS?'),
|
||||
type: 'switch',
|
||||
disabled: obj.readOnly,
|
||||
},
|
||||
{
|
||||
id: 'rolmembership', label: gettext('Member of'), group: gettext('Membership'),
|
||||
disabled: obj.readOnly,
|
||||
|
|
|
@ -24,7 +24,11 @@ CREATE ROLE {{ conn|qtIdent(data.rolname) }} WITH{% if data.rolcanlogin and data
|
|||
|
||||
REPLICATION{% else %}
|
||||
|
||||
NOREPLICATION{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
NOREPLICATION{% endif %}{% if data.rolbypassrls %}
|
||||
|
||||
BYPASSRLS{% else %}
|
||||
|
||||
NOBYPASSRLS{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
|
||||
CONNECTION LIMIT {{ data.rolconnlimit }}{% endif %}{% if data.rolvaliduntil and data.rolvaliduntil is not none %}
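Review bot: `{% if data.rolbypassrls %}` picks between BYPASSRLS and NOBYPASSRLS by truthiness, which fails open for a flag that switches off row-level security: any non-empty string, including `"false"`, renders BYPASSRLS. The test fixture in this commit sends `"rolbypassrls": "true"` as a string, so string values do appear in request payloads; whether the view coerces them to booleans before rendering is not visible here and should be confirmed. The ALTER template's `{% if data.rolbypassrls %}` has the same shape, as does the existing `{% if data.rolreplication %}` next to it. A regression case that posts `"rolbypassrls": "false"` and asserts `NOBYPASSRLS` in the generated SQL would pin the behaviour down.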
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SELECT
|
||||
rolname, rolcanlogin, rolsuper AS rolcatupdate, rolsuper
|
||||
rolname, rolcanlogin, rolsuper
|
||||
FROM
|
||||
pg_catalog.pg_roles
|
||||
WHERE oid = {{ rid }}::OID
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SELECT
|
||||
r.oid, r.*, r.rolsuper as rolcatupdate,
|
||||
r.oid, r.*,
|
||||
pg_catalog.shobj_description(r.oid, 'pg_authid') AS description,
|
||||
ARRAY(
|
||||
SELECT
|
||||
|
|
|
@ -13,7 +13,8 @@ FROM
|
|||
CASE WHEN rolcreatedb THEN 'CREATEDB' ELSE 'NOCREATEDB' END || E'\n ' ||
|
||||
CASE WHEN rolcreaterole THEN 'CREATEROLE' ELSE 'NOCREATEROLE' END || E'\n ' ||
|
||||
-- PostgreSQL >= 9.1
|
||||
CASE WHEN rolreplication THEN 'REPLICATION' ELSE 'NOREPLICATION' END ||
|
||||
CASE WHEN rolreplication THEN 'REPLICATION' ELSE 'NOREPLICATION' END || E'\n ' ||
|
||||
CASE WHEN rolbypassrls THEN 'BYPASSRLS' ELSE 'NOBYPASSRLS' END ||
|
||||
CASE WHEN rolconnlimit > 0 THEN E'\n CONNECTION LIMIT ' || rolconnlimit ELSE '' END ||
|
||||
{% if show_password %}
|
||||
(SELECT CASE
|
||||
|
|
|
@ -33,7 +33,11 @@ ALTER ROLE {{ conn|qtIdent(rolname) }}{% if 'rolcanlogin' in data %}
|
|||
|
||||
{% if data.rolreplication %}
|
||||
REPLICATION{% else %}
|
||||
NOREPLICATION{% endif %}{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
NOREPLICATION{% endif %}{% endif %}{% if 'rolbypassrls' in data %}
|
||||
|
||||
{% if data.rolbypassrls %}
|
||||
BYPASSRLS{% else %}
|
||||
NOBYPASSRLS{% endif %}{% endif %}{% if 'rolconnlimit' in data and data.rolconnlimit is number and data.rolconnlimit >= -1 %}
|
||||
|
||||
CONNECTION LIMIT {{ data.rolconnlimit }}
|
||||
{% endif %}{% if 'rolvaliduntil' in data %}
|
||||
|
|
|
@ -7,6 +7,7 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
|||
INHERIT
|
||||
CREATEDB
|
||||
CREATEROLE
|
||||
REPLICATION;
|
||||
REPLICATION
|
||||
BYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role1_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
|
|
@ -7,6 +7,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
|||
INHERIT
|
||||
CREATEDB
|
||||
CREATEROLE
|
||||
REPLICATION;
|
||||
REPLICATION
|
||||
BYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role2_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
|
|
@ -2,10 +2,11 @@ ALTER ROLE "Role2_$%{}[]()&*^!@""'`\/#"
|
|||
NOSUPERUSER
|
||||
NOCREATEDB
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
|
||||
VALID UNTIL '2050-01-01T00:00:00+05:30'
|
||||
PASSWORD 'xxxxxx';
|
||||
|
||||
ALTER ROLE "Role2_$%{}[]()&*^!@""'`\/#" IN DATABASE postgres
|
||||
SET application_name TO 'pg4';
|
||||
SET application_name TO 'pg4';
|
||||
|
|
|
@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
|||
NOCREATEDB
|
||||
CREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '<TIMESTAMPTZ_1>';
|
||||
|
|
|
@ -7,6 +7,7 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
|||
INHERIT
|
||||
NOCREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION;
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role1_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
|
|
@ -7,6 +7,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
|||
INHERIT
|
||||
NOCREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION;
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS;
|
||||
|
||||
COMMENT ON ROLE "Role2_$%{}[]()&*^!@""'`\/#" IS 'This is detailed description';
|
||||
|
|
|
@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
|||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '<TIMESTAMPTZ_1>';
|
||||
|
|
|
@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
|||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '2050-01-01 00:00:00+05:30';
|
||||
|
|
|
@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
|||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '2050-01-01 00:00:00+05:30';
|
||||
|
|
|
@ -8,6 +8,7 @@ CREATE ROLE "Role2_$%{}[]()&*^!@""'`\/#" WITH
|
|||
CREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT 100
|
||||
ENCRYPTED PASSWORD '<PASSWORD>'
|
||||
VALID UNTIL '2050-01-01 00:00:00+05:30';
|
||||
|
|
|
@ -5,5 +5,6 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
|||
CREATEROLE
|
||||
INHERIT
|
||||
REPLICATION
|
||||
BYPASSRLS
|
||||
CONNECTION LIMIT -1
|
||||
PASSWORD 'xxxxxx';
|
||||
PASSWORD 'xxxxxx';
|
||||
|
|
|
@ -7,4 +7,5 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
|||
INHERIT
|
||||
CREATEDB
|
||||
CREATEROLE
|
||||
REPLICATION;
|
||||
REPLICATION
|
||||
BYPASSRLS;
|
||||
|
|
|
@ -5,5 +5,6 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
|||
NOCREATEROLE
|
||||
INHERIT
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS
|
||||
CONNECTION LIMIT -1
|
||||
PASSWORD 'xxxxxx';
|
||||
PASSWORD 'xxxxxx';
|
||||
|
|
|
@ -7,4 +7,5 @@ CREATE ROLE "Role1_$%{}[]()&*^!@""'`\/#" WITH
|
|||
INHERIT
|
||||
NOCREATEDB
|
||||
NOCREATEROLE
|
||||
NOREPLICATION;
|
||||
NOREPLICATION
|
||||
NOBYPASSRLS;
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
"rolcreaterole": false,
|
||||
"rolcreatedb": false,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": false,
|
||||
"rolreplication": false,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
|
@ -36,7 +35,6 @@
|
|||
"rolcreaterole": false,
|
||||
"rolcreatedb": false,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": false,
|
||||
"rolreplication": false,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
|
@ -59,7 +57,6 @@
|
|||
"rolcreaterole": false,
|
||||
"rolcreatedb": false,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": false,
|
||||
"rolreplication": false,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
|
@ -189,8 +186,8 @@
|
|||
"rolcreaterole": true,
|
||||
"rolcreatedb": true,
|
||||
"rolinherit": true,
|
||||
"rolcatupdate": true,
|
||||
"rolreplication": true,
|
||||
"rolbypassrls": true,
|
||||
"rolmembership": [],
|
||||
"seclabels": [],
|
||||
"variables": []
|
||||
|
@ -232,6 +229,7 @@
|
|||
"rolsuper": false,
|
||||
"rolcreatedb": false,
|
||||
"rolreplication": false,
|
||||
"rolbypassrls": false,
|
||||
"rolpassword": "abc123",
|
||||
"rolconnlimit": 100,
|
||||
"rolvaliduntil": "2050-01-01 00:00:00 +05:30",
|
||||
|
|
|
@ -78,6 +78,7 @@ def get_role_data(lr_pwd):
|
|||
"rolconnlimit": -1,
|
||||
"rolcreaterole": "true",
|
||||
"rolinherit": "true",
|
||||
"rolbypassrls": "true",
|
||||
"rolmembership": [],
|
||||
"rolname": "test_role_%s" % str(uuid.uuid4())[1:8],
|
||||
"rolpassword": lr_pwd,
|
||||
|
|
|
@ -808,7 +808,7 @@ define('pgadmin.browser.node', [
|
|||
id: panelId,
|
||||
title: panelTitle,
|
||||
manualClose: true,
|
||||
icon: `dialog-node-icon ${evalFunc(this, this.node_image, dialogProps.itemNodeData) ?? ('icon-' + this.type)}`,
|
||||
icon: `dialog-node-icon ${evalFunc(this, this.node_image, dialogProps.nodeData) ?? ('icon-' + this.type)}`,
|
||||
content: (
|
||||
<ErrorBoundary>
|
||||
<ObjectNodeProperties
|
||||
|
|